Filter error with capitalized connectors
Jason
dn1nj4 at gmail.com
Wed Mar 4 03:57:59 EST 2015
Hi Carter,
Earlier this week I came across a strange behavior in 3.0.8 that I've not
encountered before dealing with BPF filtering in both ra and racluster.
Here, everything looks fine:
$ racluster -r test.bin - host 197.0.1.6 and port 50913
StartTime Flgs Proto SrcAddr Sport
Dir DstAddr Dport TotPkts TotBytes State
19:59:29.651832 e tcp 197.0.1.6.50913
-> 1.0.2.1.https 1 74 REQ
But if I change the "and" to "AND" it generates a filter error:
$ racluster -r test.bin - host 197.0.1.6 AND port 50913
racluster[11137]: 03:51:02.354846 host 197.0.1.6 AND port 50913 filter
syntax error
The same is true of "or" connectors. The problem also manifests in ra.
Is this known/expected behavior?
Thanks,
Jason
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20150304/3d389092/attachment.html>
More information about the argus
mailing list